‘myfile’ contains the secret we want to encrypt, in this case it is just the string: “hello world”. The result of encrypting the content of ‘myfile’ using the above command is the plain text encrypted and then encoded in Base64.

The result is then put in the properties file of the application, ‘application.yml’, using the standard Spring Boot prefix ‘{cipher}’ to signal an encrypted value :

Configuring the application to be able to decrypt the secrets

For the application to be able to decrypt the secrets, it is necessary to extend ‘org.springframework.security.crypto.encrypt.TextEncryptor’ to make use of AWS API. This can be achieved with the library https://github.com/zalando/spring-cloud-config-aws-kms, that can be included in the project as a dependency: